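I am trying to configure Rsyslog 5.8.10 on CentOS 6.4 to send Apache's error and access logs to a remote server. It works, but I have a few questions.
Update: A, B and C are the only ones still awaiting an answer.
A) I want to use as few queues (and resources) as possible. I send the error log to server A, the access log to server A, and both logs in one stream to server B. Should I specify one queue per external service (2 queues) or one queue per stream (3 queues, as I have now)? This is what I have: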
    $ActionResumeInterval 10
    $ActionQueueSize 100000
    $ActionQueueDiscardMark 97500
    $ActionQueueHighWaterMark 80000
    $ActionQueueType LinkedList
    $ActionQueueFileName logglyaccessqueue
    $ActionQueueCheckpointInterval 100
    $ActionQueueMaxDiskSpace 1g
    $ActionResumeRetryCount -1
    $ActionQueueSaveOnShutdown on
    $ActionQueueTimeoutEnqueue 10
    $ActionQueueDiscardSeverity 0
    if $syslogtag startswith 'www-access' then @@logs-01.loggly.com:514;logglyaccess

    $ActionResumeInterval 10
    $ActionQueueSize 100000
    $ActionQueueDiscardMark 97500
    $ActionQueueHighWaterMark 80000
    $ActionQueueType LinkedList
    $ActionQueueFileName logglyerrorsqueue
    $ActionQueueCheckpointInterval 100
    $ActionQueueMaxDiskSpace 1g
    $ActionResumeRetryCount -1
    $ActionQueueSaveOnShutdown on
    $ActionQueueTimeoutEnqueue 10
    $ActionQueueDiscardSeverity 0
    if $syslogtag startswith 'www-errors' then @@logs-01.loggly.com:514;logglyerrors

    $DefaultNetstreamDriverCAFile /etc/syslog.papertrail.crt # trust these CAs
    $ActionSendStreamDriver gtls # use gtls netstream driver
    $ActionSendStreamDriverMode 1 # require TLS
    $ActionSendStreamDriverAuthMode x509/name # authenticate by hostname
    $ActionResumeInterval 10
    $ActionQueueSize 100000
    $ActionQueueDiscardMark 97500
    $ActionQueueHighWaterMark 80000
    $ActionQueueType LinkedList
    $ActionQueueFileName papertrailqueue
    $ActionQueueCheckpointInterval 100
    $ActionQueueMaxDiskSpace 1g
    $ActionResumeRetryCount -1
    $ActionQueueSaveOnShutdown on
    $ActionQueueTimeoutEnqueue 10
    $ActionQueueDiscardSeverity 0
    *.* @@logs.papertrailapp.com:XXXXX;papertrailstandard
    & ~
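B) Is the queue block reused by every send action that follows it, or only by the first send action, or is it used until a send followed by a discard action (~) is encountered?
C) How do I reset the queue block so that upcoming send actions do not use a queue at all?
D) Is the TLS block reused by every send action that follows it, or only by the first send action, or only until it encounters a send followed by a discard action (~)?
E) How do I reset the TLS block so that upcoming send actions do not use TLS at all?
F) If I run rsyslog -N1, I get: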
    rsyslogd -N1
    rsyslogd: version 5.8.10,config validation run (level 1),master config /etc/rsyslog.conf
    rsyslogd: WARNING: rsyslogd is running in compatibility mode. Automatically generated config directives may interfer with your rsyslog.conf settings. We suggest upgrading your config and adding -c5 as the first rsyslogd option.
    rsyslogd: Warning: backward compatibility layer added to following directive to rsyslog.conf: ModLoad immark
    rsyslogd: Warning: backward compatibility layer added to following directive to rsyslog.conf: MarkMessagePeriod 1200
    rsyslogd: Warning: backward compatibility layer added to following directive to rsyslog.conf: ModLoad imuxsock
    rsyslogd: End of config validation run. Bye.
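Where do I put -c5 so that it no longer runs in compatibility mode?
Just filling in the ones I know.
D) Yes, for all subsequent ones, unless E) is invoked.
E) Yes: omusrmsg:0 before the next send ($ActionSendStreamDriverMode 0 is deprecated)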
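
An added example, not part of the original thread: a small audit that walks a legacy-format rsyslog config from top to bottom and reports, for each forwarding action, whether TLS is in effect at that point. It assumes the behaviour answer D describes (the `$ActionSendStreamDriver*` settings stay active for every later action until changed); the sample config, host names, CA path and template names are constructed placeholders.

```python
import re

# Constructed sample in the question's legacy directive style; hosts, the CA path
# and template names are placeholders, not values from the thread.
SAMPLE_CONF = """\
if $syslogtag startswith 'www-access' then @@logs.example.net:514;accessfmt
$DefaultNetstreamDriverCAFile /etc/pki/example-ca.crt
$ActionSendStreamDriver gtls
$ActionSendStreamDriverMode 1   # require TLS
$ActionSendStreamDriverAuthMode x509/name
*.* @@tls-logs.example.net:6514;stdfmt
$ActionSendStreamDriverMode 0
*.* @@plain.example.net:514
"""

# "@host" is UDP, "@@host" is TCP; "(options)" and ";template" are optional.
FORWARD = re.compile(r"(?<!\S)(@@?)(?:\([^)]*\))?([^\s;@]+)")
TRACKED = {"$actionsendstreamdriver", "$actionsendstreamdrivermode",
           "$actionsendstreamdriverauthmode"}

def audit_forwarders(conf_text):
    """Return one record per forwarding action with the TLS state in effect."""
    state, findings = {}, []
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop trailing comments
        if not line:
            continue
        if line.startswith("$"):                 # global directive line
            parts = line.split(None, 1)
            if parts[0].lower() in TRACKED:
                state[parts[0].lower()] = parts[1].strip() if len(parts) > 1 else ""
            continue
        match = FORWARD.search(line)
        if match:
            tcp = match.group(1) == "@@"
            # Assumption (answer D): the settings stay active until changed.
            tls = tcp and state.get("$actionsendstreamdrivermode") == "1"
            findings.append({
                "line": lineno, "target": match.group(2),
                "proto": "tcp" if tcp else "udp", "tls": tls,
                "authmode": state.get("$actionsendstreamdriverauthmode") if tls else None,
            })
    return findings

if __name__ == "__main__":
    for f in audit_forwarders(SAMPLE_CONF):
        print(f"line {f['line']}: {f['target']} {f['proto']} "
              f"{'TLS ' + str(f['authmode']) if f['tls'] else 'CLEARTEXT'}")
```

Run against the excerpt in the question, this walk would report the two Loggly actions as cleartext TCP, because they are defined above the TLS directives, and only the Papertrail action as TLS with `x509/name`.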